Five familiar email fails

Five familiar email fails: Why they could be more than an embarrassing mishap

Email is a fundamental component of business communications. The benefit of near instant messaging, no matter the location, means that business deals and management can be conducted quickly and seamlessly. But our reliance on email as a communication tool has inspired an element of complacency amongst users. The repetitive and familiar nature of email usage means that users can often forget that without the right protocols in place, email can be a window to serious cyber security breaches. It’s not just external cyber threats that businesses need to be mindful of.
Andrea Babbs, UK General Manager, VIPRE SafeSend, explores the most common email mistakes that we’re all guilty of making, and why they could be more than an embarrassing mishap.

The wrong email recipient

With increasing numbers of employees now working remotely, the traditional single office-based computer setup is now becoming less popular within businesses – especially when fuelled by the need for home working during the Covid-19 pandemic. Combined with increasing pressures on staff to work harder, better and faster, it’s easy to see why many don’t pay too much attention to verifying the accuracy of the email address they are sending information to – we’ve all done it! But while it might just seem like an unfortunate mistake, it could have far reaching consequences.

It only takes one incorrect character or autocorrect taking over for sensitive information to land in the wrong inbox. And what if that recipient is a competitor or cyber criminal?
In 2018, Commonwealth Bank staff inadvertently sent 651 emails to an overseas company as they forgot to include ‘.au’ at the end of the domain that should have read ‘cba.com.au’. This leak happened without anyone noticing for a prolonged period of time, potentially putting sensitive and private customer information at risk.

Sending email attachments to the wrong contact

Similar to the above, sending the wrong attachment to the wrong person is also a common user error that could put company data in jeopardy. If confidential corporate information, such as unpatented new product information, falls into the wrong hands or inadvertently into the public domain, this could deliver a huge advantage to the competition or even damage company reputation.
Moreover, with data protection requirements such as GDPR and industry specific regulations in place, organisations now face the threat of severe penalties should they breach conditions designed to keep personal data secure.

For example, Surrey County Council was served with a penalty of £120,000 after three data breaches that involved misdirected emails. This included a staff member sending an email with the personal data of 241 individuals to the wrong email address. The information was not encrypted so was instantly accessible to the recipient and a direct breach of data protection regulations.

The ‘reply all’ fail

We’ve all heard stories about the employee getting frustrated with their customer, boss or colleague, replying to an email chain but forgetting their boss or customer is copied in! While that’s a very bad mistake to make, from a company reputation perspective it’s even more damaging when the customer – still copied in – is the focus of the frustration.
Reply all email ‘storms’ can also cause havoc within businesses. This is when a sudden surge of ‘reply all’ messages come through, usually as a response to a controversial or misaddressed email. This happened within the NHS where an IT contractor sent an email without realising they had copied in 840,000 other colleagues. With users quickly using the reply all function to complain, the system couldn’t cope, causing serious issues for NHS staff – many taking to social media to vent their frustration.

To bcc or not to bcc?

As discussed, adding in email recipients is a task that may seem simple, but if not done correctly, can have devastating repercussions for businesses. The misuse of CC and BCC functions could expose your entire contact database, exposing customer emails to potential hackers or competitors.

In 2018, the Independent Inquiry into Child Sexual Abuse was fined £200,000 by the Information Commissioner’s Office after a staff member emailed 90 people using the “to” field instead of the “bcc” field – allowing recipients to see each other’s addresses. This mass email identified possible abuse victims through this human error, breaching the Data Protection Act and tarnishing their reputation.
Another and more visible problem with the BCC functionality is when someone who was BCC’d clicks ‘reply all,’ alerting all those who were CC’d on the email that they were not the only recipients. This is a bigger problem than most people think as it raises unnecessary questions and can hinder brand trust and integrity when customers and suppliers are involved.

Data breach – accident or intent?

More than 269 billion emails are sent each day, so it’s no surprise that misaddressed emails are the largest source of data loss for organisations. Hackers can take advantage of complacency within email culture with a number of techniques. For example, disguising emails to appear as though they are an internal email, whereas they actually come from a spoofed domain that looks almost identical to the real thing. With employees sending so many emails a day and trying to work as quickly as they can, they could fail to spot this and potentially fall victim to a malware or ransomware attack, exposing the organisation’s network and sensitive files.

On the other end of the scale are data breaches conducted with malicious intent. For example, the Morrisons insider threat breach was carried out by a disgruntled former employee who stole and published payroll data of nearly 100,000 staff members online. His aim was to disparage the reputation of his former employer after a disciplinary matter. The breach reportedly cost the company £2 million to rectify.

With emails accounting for such a big part of the way we communicate professionally, particularly when working remotely, it’s important to be aware of and educated about the common email mistakes that often occur. To support employees and reduce the risk of a data breach, businesses can implement intuitive technology that can spot errors, highlighting to the user where potential mistakes might be made and where threats might be hiding.

By using technology that provides a simple safety check and prompts the user to stop and check the message twice before sending, organisations can be in a better position to keep employee productivity high, whilst also reducing the chance of errors. By double checking the receipts of your email or any included attachments before sending the message, these solutions can help organisations avoid the potentially costly error of revealing the wrong information to the wrong person.

 

Share this article on Twitter or LinkedIn.

See more news here.

Georgina Turner image

Georgina Turner

Sales Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

Graphic displaying a lockdown solution

Netgenium debuts next gen display and touchscreen technologies

Power-over-Ethernet (PoE) solutions specialist Netgenium will be showcasing its new range of IP…

ICT® Launches New TSL Access Reader Series

Integrated Control Technology (ICT®), a leading manufacturer of intelligent access control and…
Image Provided by Paxton

Paxton Partners with Skills for Security

The security technology manufacturer Paxton is proud to announce a partnership with Skills for Security…
Image Provided by ICT

ICT and Ingram Micro sign distribution agreement MEA

Integrated Control Technology (ICT), award-winning global manufacturer of intelligent electronic access control and security solutions..
Image Provided by Toshiba

Toshiba launches new HDD Innovation Lab

Toshiba Electronics Europe GmbH (Toshiba) has inaugurated a new HDD Innovation Laboratory (HDD Innovation Lab) at its site in Düsseldorf..
Image Provided by Verkada

Verkada Doubles Down on the Channel with Strategic New Hire

Verkada, a leader in cloud-based physical security, today announced the appointment of Micah Deriso as Head of Global Channel…
Image Provided by IPSA

IPSA Appoint Frontline Hero as Ambassador

Abdullah, the courageous security officer praised for foiling a horrific knife attack at Leicester Square, has been appointed as…
Image Provided by Codelocks

New Surface Latch from Codelocks

Codelocks is expanding its Gate Solutions by Codelocks range with the introduction of the new Codelocks’ Surface Latch…
Image provided by Genetec

Nicholas Smith to Lead Genetec UK and Ireland Operations

Genetec, provider of enterprise physical security software, announced the appointment of Nicholas Smith as its new Regional Sales Director…

News Desk

View all the latest, product, project and people news

News Desk

Click Here

Technology News

Keep up-to-date with the latest product innovation

Technology News

Click Here

Industry Sectors

Discover technology in action in all applications

Industry Sectors

Click Here

Enter The Awards

Showcase personal or organisation excellence

Advertise With Us

Reach decision makers and amplify your marketing

Advertise With Us

Click Here
Scroll to Top